Shouldn't protecting iPhone users from phishers be easier than this?

Last week there were a number of reports that the anti-phishing technology built into the Mobile Safari web browser shipped with Apple's iPhone OS 3.1 software doesn't actually work.

Researchers at Mac security firm Intego reported that it "extensively tested this feature, tossing dozens of phishing URLs at it" before concluding that the touted anti-phishing protection "simply does not seem to work."

However, it appears that that conclusion may have been a little premature. Reporters at The Loop quizzed Apple about the alleged problem, and received an official response claiming that users were not using the proper process to update their protection against phishing websites:

"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."

So, there you have it.

If you want to update the anti-phishing protection on your iPhone all you need to do is launch Safari, connect to a Wi-Fi connection (3G won't be sufficient), charge your iPhone and turn the screen off.

This doesn't seem the most simple and intuitive procedure in the world to me - and as many many new phishing websites are found every day, it's hard to imagine that iPhone owners are going to keep themselves properly up-to-date.

Mind you, as many other smartphones don't offer even the most elementary form of anti-phishing protection to their users, maybe we shouldn't be too hard on Apple.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley